Attempts to update dependencies and validate that the upgrade is safe #73
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Attempts to update dependencies and validate that the upgrade is safe | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| # Attempt to update things every Monday at 16:00 UTC (~ mid-morning mountain time) | |
| - cron: "0 16 * * 1" | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| propose-dotfile-version-updates: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Setup nix | |
| uses: cachix/install-nix-action@v27 | |
| - name: Update flake versions | |
| id: update-versions | |
| run: | | |
| { | |
| echo 'FLAKE_OUTPUT<<EOF' | |
| nix flake update 2>&1 | |
| echo EOF | |
| } >> "$GITHUB_OUTPUT" | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| - name: Attempt to build the image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| - name: Create Pull Request | |
| if: ${{ success() }} | |
| id: create-pull-request | |
| uses: peter-evans/create-pull-request@v7 | |
| with: | |
| title: Automatic dotfile version updates | |
| body: | | |
| Updates the pinned input versions: | |
| ``` | |
| ${{ steps.update-versions.outputs.FLAKE_OUTPUT }} | |
| ``` | |
| PR automatically generated by [create-pull-request](https://github.com/peter-evans/create-pull-request) | |
| delete-branch: true | |
| branch: automated/version-updates | |
| base: main | |
| - name: Notify about updated versions | |
| if: ${{ success() && github.ref == 'refs/heads/main' }} | |
| uses: nobrayner/discord-webhook@v1 | |
| with: | |
| github-token: ${{ secrets.github_token }} | |
| discord-webhook: ${{ secrets.DISCORD_WEBHOOK }} | |
| title: 'Updated version pins are available for review' | |
| description: 'Review [the changes](${{ steps.create-pull-request.outputs.pull-request-url }}) to ensure they are valid.' | |
| - name: Notify about failed versions update | |
| if: ${{ failure() && github.ref == 'refs/heads/main' }} | |
| uses: nobrayner/discord-webhook@v1 | |
| with: | |
| github-token: ${{ secrets.github_token }} | |
| discord-webhook: ${{ secrets.DISCORD_WEBHOOK }} | |
| title: 'Error while attempting to update pinned versions' | |
| severity: error | |
| description: 'There may be incompatibilities that need to be fixed.' |